Good bye Facebook (a Facebook horror story)
In May 2022, we were forced to remove the “Log in with Facebook” feature from our website, and ask all our members who depend on it (~20% of them) to confirm their email address and choose a password. I will explain how and why in this post.
Trigger warning: you may not want to use Facebook anymore after you read this.
(you may watch the video or read the article, theyβre essentially telling the same thing, but the article gives more details π)
Overview
You must be familiar with this “Log in with Facebook” button you see on most websites.
Facebook Login is a fast and convenient way for people to create accounts and log into your app across multiple platforms.
Facebook
When I created My Transgender Date (MTD for short), I thought it was great to offer this option to our members πΊ
One click on “Sign up with Facebook” and boom, you have a new account on MTD.
One click on “Log in with Facebook” and boom, you are logged in to your account on MTD.
No worries about having to choose and remember a password.
From a user’s perspective, it is very convenient.
And our members love it. ~20% of them log in to MTD like so.
How we use Facebook
I will try my best to explain this in layman terms.
There are many ways for developers, websites and apps to use the Facebook platform. Games, chat bots, you name it…
On MTD, we only use Facebook to allow our members to sign up and log in. Therefore we don’t need β and we don’t have β access to any Facebook user’s data (eg profile info, friends list, photos etc). All we have access to is an “access token“, with the most minimal permissions, which can only be used to log you in.
An access token is an opaque string that identifies a user (…) and can be used by the app to make (…) API calls (eg access user data). When someone connects with an app (eg MTD) using Facebook Login and approves the request for permissions, the app (eg MTD) obtains an access token that provides temporary, secure access to Facebook APIs (eg access user data).
Facebook
Aside from using Facebook to authenticate our members, MTD can access nothing on Facebook and do nothing on Facebook.
And that’s a good thing! Developers should not have access to more than they require.
Facebook routinely reviews websites / apps that use “Facebook Login“, to ensure we only access the users’ data that we need, and for legitimate reasons (see the Cambridge Analytica scandal).
This is all good. However, in 2021 the frequency and intensity of the reviews became ridiculous.
Our Facebook horror story
In September 2021, we received an email from Facebook asking us for a RIDICULOUS amount of information and documentation about our company’s processes, how we handle security with our employees, our servers, etc… Lots of things unrelated to our actual use of the Facebook platform. Remember, we have access to no Facebook user data at all.
Oh, and they gave us an ultimatum: provide what we ask for within 14 days, or we disable your app π³
Facebook being Facebook, it is impossible to talk to a human employee, and their automated emails are cryptic. It’s difficult to understand exactly what the problem is and what they want from us.
So we provided as much as we could, including confidential and intrusive information about our business… (what else could we do? 20% of our members were at risk of being locked out of their account) Facebook approved the review. I thought this was it and felt relieved.
Oh boy, was I wrong… πΆ
October 2021, another Facebook review, with another ridiculous amount of ridiculous questions, with a short and scary ultimatum. We answered to the best we could. They approved the review.
December 2021, again.
March 2022, again.
April 2022, again.
11 May 2022, on the same day, Facebook suspended:
- The Facebook page of My Transsexual Date (old name of My Transgender Date, which is an old Facebook page that we abandoned and where we haven’t posted in a while)
- My (Cyril) personal Facebook account
- Maki’s personal Facebook account
Maki and I are the co-founders of MTD, and the sole admins of the MTD Facebook page and the MTD Facebook app (the app is how we manage Facebook Login).
Since then, we are unable to post on the Facebook page, and unable to manage Facebook Login.
This is because our personal accounts are the gateway to all the services operated by Facebook. We lose access to our personal account, we lose access to everything.
On a personal level, Maki and I lost:
- 20 years of our digital lives: all the memories, photos, chat history, etc, that we kept on Facebook.
- Contact with friends and family who don’t have another way to reach us.
- Access to Messenger.
- Access to all the services on which we personally use Facebook Login (eg Maki can’t log in to her Lazada account, which is the equivalent of Amazon in the Philippines).
- And probably access to other things that we haven’t yet thought of (eg Oculus Quest…).
We have no idea why our website was subjected to so many ridiculous reviews, and why our personal accounts were suspended.
The automated emails we received only say we “violated the terms of Facebook”. No details at all. And Facebook employees are unreachable.
Is it a rogue Facebook employee who personally wants us down, a coordinated attack from a competitor, mass reporting from haters, cancel culture…?
Is it because of the nature of our website, or for political reasons…?
Your guess is as good as mine.
On a personal level, it sucks, but Maki and I can live without Facebook. Good riddance even.
But for MTD, this is very problematic.
What now?
For now, our members can still use “Log in with Facebook” to access their MTD account.
But God knows for how long?
Facebook will soon do yet another review. And this time I won’t be able to answer it, since the only way to answer is on Facebook’s website. And I can’t log in to Facebook, since my account is suspended π€―
Therefore, starting 20 May 2022, when a member logs in to MTD via Facebook, they will be asked to confirm their email address and choose a password. Once done, this will ensure they will always be able to access their account via email / password, regardless of if (when) Facebook gives us the final blow.
Conclusion
For our members
When we added “Facebook Login” to our website, we wanted to offer you a convenient way to sign up and log in. This worked great for almost 10 years. Unfortunately, the events of the past 6 months showed that something is wrong with Facebook, and that it can’t be trusted.
I sincerely apologise for this.
Know that I am relentlessly working and planning for the worst, and that our team will ensure that all of you will always be able to access your account. If you are stuck, just contact us.
For all Facebook users
This is a cautionary tale.
You do not own your Facebook account. Facebook owns it. And with maybe 10-20 years of your digital life on Facebook, Facebook owns YOU. They can (and they will) suspend your account at any time, for no apparent reason.
Do backups of your photos πΌοΈ
Keep a separate list of contact details of your closest friends and family πͺ
Review the list of websites where you “log in with Facebook” and consider converting your log in method to email / password instead. And use a password manager like 1Password.
For website / app developers
This is a cautionary tale too.
Maybe I am an isolated case. Maybe there are other websites / apps which are being burnt these days for building their authentication on top of Facebook (or Google, Apple, Twitter etc).
In the end, nothing is safer than a good old email address or phone number to identify users.
Facebook is a gargantuous machine, where every cog is out of touch with their users and developers. There is nothing humane at Facebook. Be prepared. The question is not if, it’s when.
Updates
19 May 2022
Yet another Facebook review with 30 days ultimatum. The review was closed after a week long exchange of emails that made no sense (I think it was closed, Facebook’s emails aren’t clear). This was my chance to talk to a human (sort of), but this person did not want to help regarding the suspension of our personal accounts.
29 May 2022
Maki noticed she could now access her personal account. No notification, no email, no explanation. At least she can now manage our Facebook page and reply to the numerous PMs and comments that have been waiting.
7 June 2022
Facebook unexpectedly suspended the Facebook Login functionality for My Ladyboy Date (more details here). But it stills works on My Transgender Date (because they’re 2 separate sites). For now.
22 June 2022
Facebook lifted the suspension of the My Transsexual Date Facebook page, but took away our username (previously facebook.com/myTSdate), because why not? π€·π»ββοΈ
Cyril’s personal account is still suspended.
30 June 2022
As expected, Facebook sent us a new “Data Use Checkup” request, which we can’t complete, since Cyril’s account (only admin authorised to do it) is suspended. The deadline is 28 Aug 2022. Therefore we expect Facebook Login to completely stop working on My Transgender Date by this date.
2 August 2022
I (Cyril) finally recovered my Facebook account and completed the “Data Use Checkup” before the deadline. Facebook Login should therefore keep working even after August 28.
Still, this does not change my decision to remove Facebook Login from our website and ask our members to log in via email address / password instead. We just don’t have a deadline anymore. For now.
6 Jun 2023
This is it. After yet another “Data Protection Assessment” review asking us for crazy, irrelevant and non-sensical information (which we refused to bow to) Facebook finally and definitely disabled our use of Facebook Login.
Since we proactively asked our members to verify their email address and migrate away from Facebook Login 9 months ago, the real impact is minimal.
End of the story. Good bye Facebook. You won’t be missed.
